OUCH! Free Content gets hurt by enabled Ad Blockers

A Toronto-based software firm means to bring better security to the storage area network (SAN) space, and it wants customers’ help to do so.

Kasten Chase Applied Research Ltd. in December announced the formation of a Secure Networked Storage Advisory Council – a collective of storage-minded technology vendors and users that will “establish best practices for implementation of secure networked storage solutions,” according to the firm’s statement.

The council ultimately will suggest improvements for Kasten Chase’s Assurency Secure Networked Storage solution – an authentication program meant to guard against SAN intrusions.

Kasten Chase will seek advice from those who manage complex SANs, said Hari Venkatacharya, the company’s senior vice-president of secure networked storage.

“We wanted something broad-based, including vendor partners as well as customers, to get feedback of the evolving architecture and implementation of our product,” he said, describing the advisory group’s mandate. “We’ve seen a number of councils come forward, but we haven’t seen a lot of representation from end-customers there.”

Still, as of press time, few of the company’s customers had signed on to Kasten Chase’s council. Venkatacharya said these are early days and it will only be a matter of time before users join up.

SAN security is a bigger issue than some might think, Venkatacharya said. Although networked storage does not represent the “low-hanging fruit” that intruders generally chase, it is perhaps a more fulfilling find.

“My concern is, as you have more and more critical and sensitive information stored in these data farms, it’s simply a time bomb waiting to explode,” Venkatacharya said.

“Now customers are looking to replication techniques – I’ll have [data] here and I’ll have it there. The moment you have it ‘and there’ it’s now travelling a public link and it’s exposed.

“That’s your most critical asset, your data. What happens if it falls into the wrong hands? You’re compromising your customers; you could lose your intellectual property. That could put you out of business.”

Meanwhile, today’s security measures cannot keep up with increasingly distributed and vulnerable SAN architecture, said Venkatacharya.

For example, status-quo sentries like zoning and LUN masking allow “spoofing”, where, for example, a malicious tech maven could attach to the network an unauthorized device and make the network think the device belongs. Thereafter, the intruder could direct sensitive information to that device, collect the data and use it for some nefarious purpose.

Venkatacharya said Kasten Chase has an answer in its Assurency solution.

“If you…authenticate all HBAs (host bus adapters) to the fabric individually, you’re not going to be able to mimic the HBA and gain access to the information,” he said, explaining that the program authenticates individual network elements and thwarts intruders.

Soliciting user input to improve Assurency is a smart move on Kasten Chase’s part, said Mike Alvarado, chairman of another storage security-minded group, the Storage Security Industry Forum (SSIF), which was formed from the Storage Networking Industry Association (SNIA) in July 2002.

“There are a few perspectives that end users are going to bring,” Alvarado said. “If they’re using the vendor’s product, it’s…good for end users to advise vendors where they want improvements.”

User input informs the standards space as well, he said. The SSIF, which mulls over cross-platform protection protocols, also has a user contingent.

But Alvarado said his group keeps a “necessary distance” between users and vendors. The users’ section members do not hold vendor seats on other SNIA orgs, for example.

“The end user has to know there’s no commercial transaction on the table,” he said.